User commands and logs

auth.log

The log with the name auth.log records authorizations – that is, logons and logoffs on a system since the last time the system was booted (Figure 4). This information can be invaluable in checking patterns of usage and detecting any departures from the norm. Only the root user can view it.

Figure 4: auth.log records all logons and logoffs.

user.log

user.log records the logins and logouts for the entire system, as well as any warnings that might indicate potential problems (Figure 5). In other words, this log is often a convenient point for troubleshooting general problems. As you might expect, only root can read this log.

Figure 5: user.log is often a good starting point for troubleshooting.

User-Related Commands

Most commands have two types of options: Unix-like ones that are preceded by a single hyphen and are typically a single letter, and GNU options that are preceded by two hyphens and are usually a complete phrase that describes what they do. You can tell how old many of the user-related commands are by the fact that several of them have no GNU options whatsoever. In other words, when you are administering users, you are really getting down to the foundations of your operating system.

Related content

Even with encrypted drives, account passwords remain one of the prime security methods for any Linux system. With a little knowledge of the available commands and their options, you can make your account passwords more secure.